CVE-2024-3505 - Proxy Configuration Accessible to Low-privilege Users

JFrog Release Information

ft:sourceType
Paligo

CVE ID

Severity

CWE / Weakness Type

Date Published

Date Updated

CVE-2024-350

Medium

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

11 Apr 24

11 Apr 24

Description

JFrog Artifactory Self-Hosted versions prior to 7.77.3 are vulnerable to sensitive information disclosure whereby a low-privileged authenticated user can read the proxy configuration. This does not affect JFrog cloud deployments.

Severity

Medium

Affected Products

Product

Affected Version

Patched Version

Artifactory Self-Hosted

< 7.77.3

7.77.3

How to Fix

  • Cloud environments: Cloud environments are not affected by this issue.

  • Self-Hosted environments: To fix this issue, take the following action. Upgrade your version of Artifactory to one of the versions listed below.

Workarounds and Mitigations

None

Acknowledgements

This issue was discovered and reported by a JFrog customer.